the report since they do not contain amendments.):
1 with telefax of 09/12/1999
□ the description, pages:

□ the claims, Nos.:

□ the drawings, sheets:

1. Statement

Novelty (N)                     Yes: Claims 1-8
                                No:  Claims
Inventive step (IS)             Yes: Claims
                                No:  Claims 1-8
Industrial applicability (IA)   Yes: Claims 1-8
                                No:  Claims



2. Citations and explanations

Re Item V

Reasoned statement under Article 35(2) with regard to novelty, inventive step or
industrial applicability; citations and explanations supporting such statement

1 The subject matter of the claims lacks an inventive step having regard to the
disclosure of:-

D1: EP-A-0 658 054 (NEWS DATACOM LTD) 14 June 1995; and
D2: CHAMBERS W G: 'SOLUTION OF WELCH-BERLEKAMP KEY EQUATION
BY EUCLIDEAN ALGORITHM' ELECTRONICS LETTERS, vol. 29, no. 11, 27
May 1993, page 1031 XP000372940

2 D1 discloses a conditional access system for use with a network including a 
transmitter and a multiplicity of receivers, each receiver being independently 
enabled by a secret number and when enabled being responsive to data received 
from the transmitter for decrypting encrypted information, each of the multiplicity 
of receivers including: a first key generator, employing at least part of the data 
and a function which differs for at least a plurality of ones of the multiplicity of 
receivers, for generating a first key which is different for each receiver having 
a different function, a second key generator employing at least part of the data 
and the function to produce a second key, and a secret number generator utilizing 
the first key with the second key to produce the secret number which is the same 
for all of the multiplicity of receivers, whereby first and second keys intercepted at 
a first receiver cannot be effective to enable a second receiver having a different 
function. 

3 All features of amended claim 1 are known from the citation D1, with the sole
exception that (as defined in feature (c) of the claim) "said second value being
pre-stored in said smart card" (emphasis added). In D1 an "algorithm" is used
(see D1 col 6, lines 16-20) to generate one of two keys ("seed3" and "delta3")
used to descramble the received signals. While D1 does not explicitly mention the
use of a stored constant value in this algorithm which would read onto the sole
distinguishing feature of claim 1 and thereby fully anticipating the claim's subject
matter, it is hardly conceivable that any appropriate algorithm might not involve
such a value (or de facto effective second key). In any event the provision of such
an element in the algorithm of D1 is regarded to be a mere matter of routine
design normally to be expected of a skilled person.

4 The further specification that the second value is pre-stored in the smart card can 
have no real technically limiting effect upon the claim scope. This is because no 
time frame is defined in the claim w.r.t. the act of storing the second value, which 
could exclude the interpretation that the pre-stored value was simply derived from 
an earlier part of the respective signal transmission. 

4 Claims 2-4 define only matters of routine design for a skilled person and thus also 
lack inventive step. In particular the features of points in a "Euclidean plane" and
"calculation of the Y intercept" for generation of decoding keys is a known
technique in this technical field as demonstrated by the disclosure of D2. The
polynomial used in the embodiments of the present application relate to first order 
linear functions with minimum computational requirement and are thus the very 
first functions which a skilled person would inevitably consider using. Similar 
objection applies to the subject matter of claims 5-8. 
CONDITIONAL ACCESS SYSTEM FOR DIGITAL RECEIVERS

Field of the Invention

This invention concerns a system for providing conditional access (i.e.,
managing access) to a received scrambled audio/visual (A/V) signal from a
variety of sources, such as broadcast television networks, cable television
networks, digital satellite systems, and internet service providers. Utilizing the
concept of secret sharing, the system does not require full descrambling keys to
be sent to the receiving device under encryption. The keys are recovered using a
seed value received from the service provider and a seed value stored in the
device.

Background of the Invention

Today, a user may receive services from a variety of service providers,
such as broadcast television networks, cable television networks, digital satellite
systems, and internet service providers. Most television receivers are capable of
receiving unscrambled information or programs directly from broadcast and cable
networks. Cable networks providing scrambled (or encrypted) programs usually
require a separate stand alone set-top box to descramble (or decrypt) the
program. Similarly, digital satellite systems usually provide scrambled programs
that also require the use of a separate set-top box. These set-top boxes may
utilize a removable smart card which contains the keys necessary for recovering
the scrambling or descrambling keys. Protection of these important keys is
paramount to prevent unauthorized copying of the programming.

European Patent Application Number EP-A-0 658 054 discloses 
generating a descrambling key using two pieces of transmitted data. 



Summary of the Invention

In a conditional access (CA) system, the signals are usually
scrambled using symmetric ciphers such as the Data Encryption Standard (DES).
For security reasons, the scrambling key is

AMENDED SHEET

RCA 88783

Claims 

1. A method for managing access to a signal representative of an event of a
service provider, said method comprising:

(a) receiving said signal in a smart card, said signal being scrambled
using a scrambling key;

(b) receiving, in said smart card, data representative of a first seed
value;

characterized in that

(c) generating said scrambling key using said first seed value and a
second seed value, said second seed value being pre-stored in said smart card;
and

(d) descrambling said signal using said generated scrambling key to
provide a descrambled signal.

2. The method of Claim 1 wherein said first and second seed values are
points on a Euclidean plane.

3. The method of Claim 2 wherein the step of generating said scrambling key
comprises calculating the Y-intercept of a line formed on said Euclidean plane by
said first and second seed values.

4. The method of Claim 3 wherein said smart card has a card body having a
plurality of terminals arranged on a surface of said card body in accordance with
one of ISO 7816 and PCMCIA card standards.

5. In combination in a system for managing access between a service
provider and a device having a smart card coupled thereto, said device
performing the steps of:

(a) receiving from the service provider a signal representative of an
event, said signal being scrambled using a scrambling key;

(b) receiving from the service provider data representative of a first
seed value, said first seed value being selected from a Euclidean plane;

characterized in that

(c) coupling said scrambled signal and said first seed value to said
smart card, said smart card having a means for access control processing;

said access control processing means comprising means for generating said
scrambling key by calculating the Y-intercept of a line on said Euclidean plane by
said first seed value and a second seed value, said second seed value being
pre-stored in said smart card and means for descrambling said signal using said
generated scrambling key to generate a descrambled signal; and

(d) receiving from said smart card said descrambled signal.

6. The combination of Claim 5 wherein the device is a set-top box.

7. The combination of Claim 5 wherein the device is a digital television.
Field of the Invention

This invention concerns a system for providing conditional
access (i.e., managing access) to a received scrambled audio/visual
(A/V) signal from a variety of sources, such as broadcast
television networks, cable television networks, digital satellite
systems, and internet service providers. Utilizing the concept of
secret sharing, the system does not require full descrambling keys
to be sent to the receiving device under encryption. The keys are
recovered using a seed value received from the service provider
and a seed value stored in the device.

Background of the Invention

Today, a user may receive services from a variety of service
providers, such as broadcast television networks, cable television
networks, digital satellite systems, and internet service providers.
Most television receivers are capable of receiving unscrambled
information or programs directly from broadcast and cable
networks. Cable networks providing scrambled (or encrypted)
programs usually require a separate stand alone set-top box to
descramble (or decrypt) the program. Similarly, digital satellite
systems usually provide scrambled programs that also require the
use of a separate set-top box. These set-top boxes may utilize a
removable smart card which contains the keys necessary for
recovering the scrambling or descrambling keys. Protection of
these important keys is paramount to prevent unauthorized
copying of the programming.

Summary of the Invention

In a conditional access (CA) system, the signals are usually
scrambled using symmetric ciphers such as the Data Encryption
Standard (DES). For security reasons, the scrambling key is
changed frequently, the period of change being as frequent as
every few seconds. The protection of the descrambling keys,
which need to be sent with the signals, is often provided by
public-key cryptography. Public-key cryptography introduces
problems associated with the public key infrastructure and
distribution of the keys. This invention resides, in part, in
recognition of the described problem and, in part, in providing a
solution to the problem.

A signal (e.g., an event or program) as described herein 
comprises information such as (1) audio/visual data (for example, 
a movie, weekly "television" show or a documentary); (2) textual 
data (for example, an electronic magazine, paper, or weather 
news); (3) computer software; (4) binary data (for example, 
images); (5) HTML data (for example, web pages); or any other 
information for which access control may be involved. The service 
providers include any provider broadcasting events, for example, 
traditional broadcast television networks, cable networks, digital 
satellite networks, providers of electronic list of events, such as 
electronic program guide providers, and in certain cases internet 
service providers. 

Generally, the present invention defines a method for 
managing access to a signal, representative of an event of a 
service provider, utilizing a smart card. That is, this method 
comprises receiving in a smart card, a signal that is scrambled 
using a scrambling key, receiving data representative of a first 
seed value, generating the scrambling key using the first seed 
value and a second seed value that is stored in the smart card and 
descrambling the signal using the generated scrambling key to 
provide a descrambled signal. 

In accordance with one aspect of the present invention, the
first and second seed values are points on a Euclidean plane and
the step of generating the scrambling key comprises calculating
the Y-intercept of the line formed on the Euclidean plane by the
first and second seed values.

In accordance with still another aspect of the present
invention, a system for managing access between a service
provider and a device having a smart card coupled to the device
involves the device performing the steps of receiving from the
service provider a signal representative of an event that is
scrambled using a scrambling key, receiving from the service
provider data representative of a first seed value selected from a
Euclidean plane, and coupling the scrambled signal and the first
seed value to the smart card. The smart card has a means for
access control processing comprising means for generating a
scrambling key by calculating the Y-intercept of the line formed in
the Euclidean plane by the first seed value and a second seed
value stored in the smart card and means for descrambling the
signal using the generated scrambling key to generate a
descrambled signal.

These and other aspects of the invention will be
explained with reference to a preferred embodiment of the
invention shown in the accompanying Drawings.

Brief Description of the Drawing

Figure 1 is a block diagram illustrating one architecture for
interfacing a common set-top box to a variety of service providers.

Figure 2 is a block diagram of an exemplary implementation
of a system for managing access to a device in accordance with the
invention;

Figure 3a is a graphical representation of the determination
of the scrambling key in accordance with one embodiment of this
invention; and

Figure 3b is a graphical representation of an allocation of a
unique and non-overlapping range for each service provider in
accordance with Figure 3a.

Detailed Description of the Drawing

The present invention provides a conditional access system
which may be utilized to obtain services from one of a plurality of
sources. The conditional access system when implemented within
a device, such as a digital television, digital video cassette recorder
or set-top box, provides convenient management of the
descrambling keys because only a portion of the seed value
necessary for key generation is stored therein. For simplicity, the
below description of the invention will be directed towards an
implementation using a digital television and a smart card.

In Figure 1, system 30 depicts the general architecture for
managing access to a digital television (DTV) 40. Smart Card (SC)
42 is inserted into, or coupled to, a smart card reader 43 of DTV
40; an internal bus 45 interconnects DTV 40 and SC 42 thereby
permitting the transfer of data therebetween. Such smart cards
include ISO 7816 cards having a card body with a plurality of
terminals arranged on a surface in compliance with National
Renewable Security Standard (NRSS) Part A or PCMCIA cards
complying with NRSS Part B. Conceptually, when such a smart
card is coupled to a smart card reader, the functionality of the
smart card may be considered to be a part of the functionality of
the device (e.g., DTV 40) thus removing the "boundaries" created
by the physical card body of the smart card.

DTV 40 can receive services from a plurality of service
providers (SPs), such as a broadcast television SP 50, a cable
television SP 52, a satellite system SP 54, and an internet SP 56.
Conditional Access Organization (CA) 75 is not directly connected
to either the service providers or STB 40 but deals with key
management and issues public and private key pairs which may
be used, if necessary, as explained below.

The present invention employs the concept of secret sharing
which eliminates the requirement for using public key
cryptography to ensure secure transmission of the audio/visual
(A/V) stream from a service provider. A variation of a secret
sharing scheme, developed by Adi Shamir, is known as a threshold
scheme. An (m, n) threshold scheme involves breaking a secret
into n pieces (which may be called shadows), in such a way that at
least m (<=n) of the pieces are required to reconstruct the secret.
A perfect threshold scheme is a threshold scheme in which a
knowledge of m-1 or fewer shadows provides no information
about the secret. For example, with a (3,4)-threshold scheme, the
secret is divided into four portions but only three of the four
portions are required to reconstruct the secret. Two of the
portions, however, cannot reconstruct the secret. In Shamir's (m,
m) threshold scheme, choosing a higher value for m, and storing
(m-1) secrets in the card would increase the system's resistance to
ciphertext only attacks, but would lead to more computations for
polynomial construction.

Such a threshold scheme reduces the computational
requirements for the card in DES key recovery. For each new key,
only a simple operation is performed (i.e., the value of the
polynomial at x = 0 is computed) as compared to RSA decryption
which involves modular exponentiation. Additionally, security is
"perfect" (i.e., given knowledge of (x1, y1), all values of the secret
remain equally probable).

Figures 2 and 3 together demonstrate one embodiment of
the present invention. Particularly, stored in SC 42 is a first seed
value (or data point). The first seed value may be thought of as a
single point on a Euclidean plane, i.e., in the form of (x0, y0).
Service provider 58 transmits a signal (or event or program) that
may be scrambled by a symmetric key, for example a Data
Encryption Standard (DES) key. In addition to the scrambled
signal, service provider 58 transmits a second seed value.
Similarly, the second seed value may be a second single point
from the same Euclidean plane, i.e., in the form of (x1, y1).

The scrambled A/V signal and the second seed value are
received by DTV 40 and are coupled to SC 42 for processing. SC 42
receives the second seed value and utilizes both the stored first
seed value and the received second seed value to reconstruct (or
recover) the symmetric key. SC 42 uses the reconstructed
symmetric key to descramble the received scrambled A/V signal
and generate a descrambled A/V signal. This descrambled A/V
signal is provided to DTV 40 for display.

Recovery of the symmetric key is achieved by constructing a
polynomial utilizing the first and the second seed values; the
y-intercept of the constructed polynomial is the symmetric key. For
example, given (x0, y0) and (x1, y1), the symmetric key is
constructed by computing the value of
[{(y1 - y0)/(x1 - x0)}(x - x0)] + y0 at x = 0. Figure 3a illustrates a
graphical representation of the present invention.

Such an approach permits more than one service provider to
share the stored second seed value (x0, y0). Each service provider
would then be free to choose its own first seed value. The
probability of constructing polynomials with identical y-intercepts
(i.e., identical symmetric keys) is low. However, the range of
possible second seed values could be allocated such that each
service provider has a unique and non-overlapping range (see
Figure 3b). Further, it is within the scope of the present invention
that each service provider could choose its own first seed value
which could be encrypted using the public key of the smart card
before downloading. The seed value would be recovered by the
smart card using its stored private key (K_SCpri).

The general architecture of system 30 lends itself to
achieving the goal of minimizing the amount of information (or
keys) that needs to be stored in a smart card to permit access to
more than one service provider.

The robustness of the defined system may be increased by
scrambling portions of the event with different keys and
transmitting different second seed values. Further, it is within the
scope of the present invention that more than two seed values
may be used to recover the symmetric key. For example, two or
more seed values may be stored in the smart card and a seed value
may be transmitted with the encrypted A/V signal. The
symmetric key would be recovered using all of the seed values.
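
The recovery step described above, and its extension to more than two seed values, as an added example (not code from the patent or from any cited system). It assumes arithmetic modulo a prime P rather than on the real plane, as Shamir's scheme is normally implemented; P, the function names and all sample values are constructed for illustration.

```python
"""Added example: y-intercept key recovery from a stored and a transmitted point.

Assumptions (not in the patent text): arithmetic is modulo the prime P, and
STORED, KEY and X1 are constructed sample values.
"""

P = 2**61 - 1  # Mersenne prime, large enough to hold a 56-bit DES key

STORED = (0x1F3A5C7E9B, 0x0BADC0FFEE1234)  # constructed card point (x0, y0)
KEY = 0x0123456789ABCD                     # constructed 56-bit symmetric key
X1 = 0x2468ACE                             # constructed x of the transmitted point


def _inv(a):
    """Modular inverse in GF(P); refuses a zero denominator."""
    a %= P
    if a == 0:
        raise ValueError("division by zero in GF(P)")
    return pow(a, P - 2, P)


def recover_key(points):
    """Card side: value at x = 0 of the unique polynomial through `points`.

    For two points this equals [(y1 - y0)/(x1 - x0)](x - x0) + y0 at x = 0;
    for m points it is the (m, m) threshold case (Lagrange interpolation).
    """
    xs = [x % P for x, _ in points]
    if len(points) < 2 or len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("need at least 2 points with distinct, non-zero x")
    key = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        key = (key + yi * num * _inv(den)) % P
    return key


def transmitted_point(key, stored, x1):
    """Provider side: the point at x1 on the line through (0, key) and `stored`."""
    x0, y0 = stored
    if x1 % P in (0, x0 % P):
        raise ValueError("x1 must differ from 0 and from the stored x0")
    slope = (y0 - key) * _inv(x0) % P
    return x1, (key + slope * x1) % P


def stored_y_consistent_with(candidate_key, sent, x0):
    """The single stored y0 (at x0) that makes `sent` decode to candidate_key.

    One exists for every candidate, which is the "perfect" property: the
    transmitted point alone leaves every key value equally possible.
    """
    x1, y1 = sent
    slope = (y1 - candidate_key) * _inv(x1) % P
    return (candidate_key + slope * x0) % P


if __name__ == "__main__":
    sent = transmitted_point(KEY, STORED, X1)
    print("transmitted point:", sent)
    print("recovered key    :", hex(recover_key([STORED, sent])))
```

A card holding a different stored point recovers a different value from the same transmitted point, so the transmitted point is only useful together with the card's stored value.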

While the invention has been described in detail with
respect to numerous embodiments thereof, it will be apparent that
upon reading and understanding of the foregoing, numerous
alterations to the described embodiment will occur to those skilled
in the art and it is intended to include such alterations within the
scope of the appended claims.

Claims

1. A method for managing access to a signal representative of 
an event of a service provider, said method comprising: 

(a) receiving said signal in a smart card, said signal being 
scrambled using a scrambling key; 

(b) receiving, in said smart card, data representative of a 
first seed value; 

(c) generating said scrambling key using said first seed 
value and a second seed value, said second seed value being 
stored in said smart card; and 

(d) descrambling said signal using said generated 
scrambling key to provide a descrambled signal. 

2. The method of Claim 1 wherein said first and second seed 
values are points on a Euclidean plane. 

3. The method of Claim 2 wherein the step of generating said 
scrambling key comprises calculating the Y-intercept of a line 
formed on said Euclidean plane by said first and second seed 
values. 

4. The method of Claim 3 wherein said smart card has a card 
body having a plurality of terminals arranged on a surface of said 
card body in accordance with one of ISO 7816 and PCMCIA card 
standards. 



WO 99/30498 PCT/US98/26069

5. In combination in a system for managing access between a 
service provider and a device having a smart card coupled 
thereto, said device performing the steps of: 

(a) receiving from the service provider a signal 
representative of an event, said signal being scrambled using a 
scrambling key; 

(b) receiving from the service provider data 
representative of a first seed value, said first seed value being 
selected from a Euclidean plane; 

(c) coupling said scrambled signal and said first seed 
value to said smart card, said smart card having a means for 
access control processing; 

said access control processing means comprising means for 
generating said scrambling key by calculating the Y-intercept of a 
line on said Euclidean plane by said first seed value and a second 
seed value, said second seed value being stored in said smart card 
and means for descrambling said signal using said generated 
scrambling key to generate a descrambled signal; and 

(d) receiving from said smart card said descrambled 
signal. 

6. The combination of Claim 5 wherein the device is a set-top 
box. 

7. The combination of Claim 5 wherein the device is a digital 
television.

8. The combination of Claim 5 wherein the device is a digital
video cassette recorder.